The need for security has never been higher. The threats from viruses, malware and hackers are far more dangerous than ever before. Fortunately, we have the tools to deal with most of it. Unfortunately, most aren't taking advantage of the tools.
A brief rundown of current attacks:
First and foremost, get serious about passwords. Most people use the same or very similar password everywhere. More than half a billion email accounts with passwords have been hacked already in 2016. Hackers take over email accounts on a regular basis and garner bank statements, contacts, etc. and then attack promising targets with variations of your name and password. It's all done by scripts, so it takes no hacker time, just a computer grinding away.
The absolute minimum password length is 8 characters; 12 is better. It should have a mixture of upper, lower, number and special characters (punctuation). We all know it is difficult to keep these passwords straight, so get a password manager like LastPass (has both a free and paid version), RoboForm or the free but tricky-to-use KeePass.
These password managers require that you remember only one master password. Afterwards, they will automatically enter your password when you enter sites.
Experts estimate that approximately 90% of hacker attacks come through email attachments. If they can entice you into opening their virus-infested email attachment, they can perform nearly any kind of attack. Get in the habit of NOT opening attachments. If your bank sends you an email saying there's something wrong with your account, do not open the attachment or click on a link in the email. Instead, open your browser and go to your bank in the normal manner. If there is an irregularity, they will post it as you sign in. But they won't. Virtually all such messages are hacks.
If you are in an environment where you have to open attachments, use a lot of care. Read the message carefully before opening attachments. Does this message look like it really came from the person who says they sent it? If the message is generic ("Thought you'd like this," "This is sick," etc.), don't open it. If you feel you should, call them and verify that they really sent it. Most of the time, you'll be able to tell whether it was really sent by whomever it says it was sent by. Don't click on it "just to see."
Hackers try to get you scared. People don't think well when they are scared. When something goes wrong, stop to think carefully. The Blue Screen of Death hack tries to make you think your computer crashed and offers a "Microsoft" phone number to call. Microsoft has never put any phone number on an error message. An 800 number is a tip-off that it is a fake. More than half of Microsoft's business is with people who cannot access US 800 numbers. The first item of business when you get a Blue Screen is to reboot. Hold the power button down for 15 seconds if you have to. Most of the time that will fix the problem -- if you haven't done something silly in the meantime.
If you get a phone call from the IRS, FBI, Microsoft or other official-sounding party, stop to think.
For DVRs, cameras, toasters or other Internet-connected devices, change the default security settings. Unfortunately, you will probably have to read the manual, which may only be available online. Find out how to log into all your devices and at the very minimum change username and password. Write them down or put them into your password manager. If the device has no ability to change username and password, return it. Several companies that released devices that have no ability to change credentials have offered to replace those devices with ones that do. Take advantage.
The one item that protects you from outside Internet attacks is your router. Log in and turn off Universal Plug and Play (UPnP) and make sure there is no capability to manage the router from outside your network. Internet Service Providers (ISPs) like to have backdoors into your router so they can troubleshoot problems when you call. Unfortunately, they use universal usernames and passwords, so almost anyone can get into your router. If you cannot figure out how to do this with your ISP, install a second router behind theirs and connect all your devices to your router. Don't let anything in the house or office connect directly to the ISP's router. Be sure to turn off UPnP on your inside router, too.
Take care of your security. Be proactive when you hear about new vulnerabilities and check your setup against what the vulnerability attacks. Most of the time you will be covered. Not that many new vectors are uncovered. Mostly it is just a repeat of previous schemes.
Visit the CIPCUG user group website for the best self-help resource in the county.